One of the scariest books that I have ever read is “One Second After” by William Forstchen. The book is the gripping story of what happens to a small North Carolina town after a nuclear electromagnetic pulse attack on the United States. After the EMP destroys the power grids for the entire country, starvation and anarchy become the order of the day. Now it seems that hackers may soon be able to achieve the same result without a nuclear missile.
The New York Times details an urgent joint report by the FBI and the Department of Homeland Security that says that hackers have been attacking computer networks of nuclear power and other energy companies since May. The attacks have occurred in the United States as well as other countries.
The extent of the attacks is not known. The report also did not specify whether the goal of the hackers was commercial espionage or something more destructive, such as disabling safety systems or shutting down electric power production and distribution grids. The story cites a joint statement by the FBI and DHS that said, “There is no indication of a threat to public safety, as any potential impact appears to be limited to administrative and business networks.”
According to the report, the hackers appeared to be mapping the computer systems in possible preparation for a future attack. The code used in the attacks has not been fully analyzed to confirm this theory.
The strategy seems similar to the pattern of Russian cyberattacks on Ukraine. In December 2015, intrusions similar to the foray into American energy company computers preceded a hacker-caused blackout in Ukraine. Wired reports that power was restored to most areas after a few hours, but that it took months to fully restore operational control.
The hackers in the Ukraine cyberattack rewrote the firmware that controls critical equipment at some substations so that, even though the power was on, operators could not control the breakers remotely. The Ukrainians had to use manual backups to restore power to their grid in these areas, but many American companies lack these manual controls. A cyberattack on the American power grid might result in a long blackout while companies work to replace the compromised firmware.
As with the Ukraine attack, the primary suspect for the cyberattacks on American power companies is a “state actor,” most likely Russia. While Russian involvement has not been confirmed, sources in the Times report say that the attacks resemble the previous work of “Energetic Bear,” a Russian hacking group that has been linked to numerous attacks on energy companies since 2012.
Some of the attacks were reportedly initiated by “phishing” emails sent to senior engineers that contained fake resumes carrying malicious code. In some cases, the hackers compromised legitimate websites that their targets frequented; this sort of attack is referred to as a “watering hole” attack. The hackers are also known to have used the “man-in-the-middle” strategy, which redirects a target’s legitimate internet traffic through servers controlled by the hackers.
The timing of the attacks coincided with a cybersecurity Executive Order issued by President Trump on May 13. The order allows cybersecurity experts in US intelligence agencies to share their expertise with industries such as energy companies. The president also instructed the government not to buy technological equipment from Russian and Chinese companies and to focus on securing power grids and other parts of US infrastructure from cyberattacks.
There are many warning signs that our electronic infrastructure is vulnerable and at risk of a crippling cyberattack. President Trump’s Executive Order is a step in the right direction, but it will take years to fully secure power grids and company computer systems against cyberattacks. There seems to be no time to waste.